[Openid-specs-heart] Dissecting the Release of information form

Debbie Bucci debbucci at gmail.com
Wed Jul 20 22:23:48 UTC 2016


Glen 

What struck me about the ROI is the potential to use it as an example for general use. All along Adrian had been trying to point out the similarities, and only recently have I begun to understand how parts of the UMA protocol could be used to effectively describe (and essentially is) an authorization for release of info.

I'd also like to propose that, although the confidentiality codes may not be used in FHIR, the vocabulary has been accepted by HL7, so why couldn't that be used as a scope that all would consume and understand? How the value iRS chooses to process out of scope. Would that be a baby step in the right direction?

On July 19, 2016, at 12:34 PM, "Glen Marshall [SRS]" <gfm at securityrs.com> wrote:


While I think that mapping a Release of Information form onto UMA protocol data would be useful as a proof of concept exercise, I am left wondering:

* The form itself is just an instance.
  - Has it been vetted for peer review at the policy level, i.e., can it be easily adapted for more general use?
  - Is there a compendium of federal and state requirements we can reference, or can we use a reasonable guess to start the analysis without extensive debate? We need to avoid the 42CFR quicksand, and similar well-bounded cases.
  - Is there some general user experience design guidance – paper or on-screen – for collecting Release of Information from patients or their authorized representatives?
  - How can we minimize the cognitive challenges that sick people have when presented with a sheaf of forms to sign when seeking treatment?
  - Is this work in-scope for HEART?
* Are we going to propose a standardized API for such mapping?
  - Is this work in-scope for HEART?

 

I think the most useful outcome of this line of inquiry is proof that OAuth and UMA can be used for health care data access control, without extensions or with a small set of extensions.

 

Glen

 

Glen F. Marshall

Consultant

Security Risk Solutions, Inc.

698 Fishermans Bend

Mount Pleasant, SC 29464

Tel: (610) 644-2452 

Mobile: (610) 613-3084

gfm at securityrs.com

www.SecurityRiskSolutions.com

 

 
